Lucene search
K

744 matches found

RedhatCVE
RedhatCVE
added 2026/05/15 5:51 p.m.11 views

CVE-2026-24120

A flaw was found in vm2, an open-source sandbox for Node.js. This vulnerability allows a remote attacker to bypass existing security controls, specifically the fix for CVE-2023-37466. By circumventing the sandbox, an attacker can execute arbitrary commands on the host system, leading to a complet...

9.8CVSS6.2AI score0.00896EPSS
Exploits1References5
NVD
NVD
added 2026/05/14 5:16 p.m.22 views

CVE-2025-62316

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS0.00106EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:8 p.m.13 views

CVE-2025-62316

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS5.8AI score0.00106EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/14 4:8 p.m.15 views

CVE-2025-62316

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2025-62316 from the linked sources; no affected products, vectors, or remediation are stated.

2.3CVSS5.8AI score0.00106EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/05/14 8:48 a.m.17 views

K000161272: Spring Security vulnerability CVE-2026-22753

Security Advisory Description Vulnerability in Spring Spring Security. If an application is using securityMatchersString and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercise...

7.5CVSS5.8AI score0.00248EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40957

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS5.8AI score0.00106EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 5:55 p.m.11 views

CVE-2026-0236

CVE-2026-0236 describes a code injection vulnerability in Palo Alto Networks Prisma® Browser for macOS where access to the AppleScript interface is not properly restricted. This allows a locally authenticated non-admin user to exploit an exposed Apple Event handler to send unauthorized commands t...

7.3CVSS5.9AI score0.00144EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/12 10:30 a.m.14 views

Why Agentic AI Is Security's Next Blind Spot

Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:21 a.m.8 views

CVE-2026-27662

Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performin...

7.7CVSS5.8AI score0.00113EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 8:21 a.m.14 views

CVE-2026-27662

Technical details are not publicly available in the provided documents. Monitor for updates on affected products, vulnerable components, and remediation.

7.7CVSS5.8AI score0.00113EPSS
Exploits0References1
hivepro
hivepro
added 2026/05/07 4:45 a.m.9 views

Cyber Insurance Requirements for Cybersecurity

Cyber Insurance Requirements for Cybersecurity Cyber insurance requirements cybersecurity teams face today are stricter than they were even a few years ago. Underwriters no longer accept a simple security questionnaire and a list of tools. They want evidence that your organization can identify...

5.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/30 2:2 p.m.8 views

Apache Tomcat: Apache Tomcat: Improper Input Validation vulnerability due to incomplete fix

A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomplete fix for a previous security issue CVE-2025-66614. This flaw may allow an attacker to bypass security controls or cause unexpected behavior within the application...

9.1CVSS6.8AI score0.00307EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/30 1:58 p.m.8 views

Apache Tomcat: Apache Tomcat: Improper Input Validation vulnerability due to incomplete fix

A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomplete fix for a previous security issue CVE-2025-66614. This flaw may allow an attacker to bypass security controls or cause unexpected behavior within the application...

9.1CVSS6.8AI score0.00307EPSS
Exploits0References5
Veracode
Veracode
added 2026/04/29 1:18 p.m.19 views

Improper Access Control

Spring Security is vulnerable to Improper Access Control. The vulnerability is due to incorrect request matching when using securityMatchersString with a PathPatternRequestMatcher.Builder that prepends a servlet path, causing requests to bypass the intended filter chain and leaving authentication...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References2Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/26 12:0 a.m.9 views

SMSI: System Model Security Inference: Automated Threat Modeling for Cyber-Physical Systems

Threat modeling for cyber-physical systems CPS remains a largely manual exercise. This project presents SMSI System Model Security Inference, a hybrid neuro-symbolic pipeline that starts from a SysML architecture model and produces a prioritized list of NIST 800-53 security controls. The prototyp...

5.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/04/24 12:32 p.m.8 views

Medical data of 500,000 UK volunteers listed for sale on Alibaba

Half a million Britons signed up to help cure cancer. Their data ended up for sale on Alibaba. The UK Biobank charity informed the British government of an incident concerning the medical data belonging to 500,000 British citizens being offered for sale on the Chinese e-commerce website Alibaba...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/22 1:15 a.m.4 views

CVE-2026-6774

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

5.4CVSS5.7AI score0.00153EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/22 1:14 a.m.6 views

CVE-2026-6768

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: Cookies component...

9.8CVSS5.7AI score0.00285EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities were caused by an issue with environment variable overrides in the host execution policy, which could allow attacker...

4.4CVSS5.9AI score0.00124EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 4:4 p.m.14 views

Security Bulletin: Denial of service, security controls bypass, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to denial of service, security controls bypass, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-69277 DESCRIPTION: libsodium before ad3004e, in atypical use cases involving certain custom...

8.2CVSS5.6AI score0.00864EPSS
Exploits2Affected Software1
Rows per page
Query Builder